An Anti-pattern for Misuse Cases

Mohammad Torabi Dashti, Saša Radomirović

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed “orphan misuses.” Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.

Original languageEnglish
Title of host publicationComputer Security. SECPRE 2017, CyberICPS 2017
PublisherSpringer
Pages250-261
Number of pages12
ISBN (Electronic)9783319728179
ISBN (Print)9783319728162
DOIs
Publication statusPublished - 2018
Event1st International Workshop on Security and Privacy Requirements Engineering 2017 - Oslo, Norway
Duration: 14 Sep 201715 Sep 2017

Publication series

NameLecture Notes in Computer Science
Volume10683
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference1st International Workshop on Security and Privacy Requirements Engineering 2017
Abbreviated titleSECPRE 2017
CountryNorway
CityOslo
Period14/09/1715/09/17

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'An Anti-pattern for Misuse Cases'. Together they form a unique fingerprint.

  • Cite this

    Torabi Dashti, M., & Radomirović, S. (2018). An Anti-pattern for Misuse Cases. In Computer Security. SECPRE 2017, CyberICPS 2017 (pp. 250-261). (Lecture Notes in Computer Science; Vol. 10683). Springer. https://doi.org/10.1007/978-3-319-72817-9_16